Microsoft Windows 2008 Server R2 Expertise: Integration and Technical Support
Windows Server 2008 R2 with SP 1 adds significant improvements to the initial release of Windows Server 2008 in key areas that include server and desktop virtualization, security and performance for branch offices, web services, fault tolerance and availability, management automation, and integration with Windows 7 clients. Available only in 64-bit versions, Windows Server 2008 R2 delivers outstanding levels of performance, security, fault tolerance, expandability, and versatility that accelerate return on investment by lowering equipment and operating costs and improving the productivity of local, remote, and mobile workers.
Progent is a Microsoft Partner with the top-level Gold certification in the Server Platform competency. Progent's network engineers can provide cost-effective remote consulting, technical support, and training services to help you plan, implement, and manage Windows Server 2008 R2 in order to add substantial business value to your information system.
Major Editions of Windows 2008 Server R2
Microsoft offers Windows Server 2008 R2 in versions designed to meet the budgets and operational requirements of businesses of any size. Major editions of Windows Server 2008 R2 include:
Windows Server 2008 R2 Foundation: This entry-level edition is targeted at small businesses looking for an affordable application server that is dependable and secure. Foundation supports 8 GB of RAM, one processor, and 50 Remote Service Gateways but does not include Hyper-V for virtual servers, Failover Clustering for fault tolerance, the Active Directory Federation role for collaboration between organizations. or DirectAccess Management for remote access without a VPN connection.
Windows Server 2008 R2 Standard: The Standard edition offers small and mid-size businesses a rich feature set that includes Hyper-V and advanced remote access technology but does not support Failover Clustering. The Standard edition supports 32 GB of RAM, 4 processors, one virtual machine in addition to a host, and 250 Remote Service Gateways.
Windows Server 2008 R2 Enterprise: The Enterprise edition is designed for businesses who need to minimize downtime for mission-critical applications. High-availability technologies provided in the Enterprise edition and not in the Standard edition include Failover Clustering, cross-file replication, fault-tolerant memory synchronization, and Hot Add Memory. The Enterprise edition supports 2 TB of RAM, 8 processors, 4 virtual machines in addition to the host, and unlimited Remote Service Gateways.
Windows Server 2008 R2 Datacenter: This is the premiere edition of Windows Server 2008 R2 for businesses and is targeted at organizations requiring the highest levels of availability and scalability. The Datacenter edition supports 2 TB of RAM, up to 64 processors, unlimited virtual machine licensing, and unlimited Remote Service Gateways. Fault-tolerant technologies supported by the Datacenter edition but not by the Enterprise edition include Hot Replace Memory and Hot Add/Replace Processors.
Microsoft Web Server 2008 R2: The Web edition of Windows Server 2008 R2 is designed as an affordable, dedicated platform for web applications and services. The Web edition does not include Hyper-V, Failover Clustering, or Remote Service Gateways but does offer advanced remote management. This web-facing server supports 32 GB of RAM and 4 processors and can be virtualized as a guest.
Server Core installation options are supported for all these editions of Windows Server 2008 R2 except Foundation. Server Core installations allow you to select only the server roles you need to run specific applications. These minimal configurations reduce physical resource requirements, simplify management by eliminating unnecessary components, and enhance security by shrinking the operating system's attack surface.
Windows Server 2008 R2 offers a wide range of new capabilities and improved features that impact every aspect of server technology. Progent offers expert consulting to help you assess the business benefits of upgrading to Windows Server 2008 R2, select the version of Windows Server 2008 R2 and server roles that make the most sense for your organization, and follow industry best practices in migrating smoothly and affordably from previous versions of Windows.
Enhancements to Server Virtualization with Windows Server 2008 Hyper-V
Hyper-V is a server role within Windows Server 2008 R2 that provides the technology for building and managing advanced virtual server environments. Hyper-V allows you to run multiple logical servers on a single computer, treating each operating system and its set of applications as though they were running on a dedicated physical server. Hyper-V can dramatically reduce the cost of equipment, power, and space by consolidating hardware. Hyper-V can also reduce development time and risk by making it easy to set up test systems that are logically isolated from your production environment. Another important benefit of Hyper-V is that it allows you to configure affordable and easy-to-manage architectures that incorporate advanced fault-tolerant technologies such as failover clustering to achieve enterprise-class availability and fast recoverability.
Major enhancements to Hyper-V server virtualization include:
Live Migration: This enhancement to Hyper-V depends on the new clustering technology provided in Windows Server 2008 R2 and makes it possible for virtual machines to be moved between nodes within a cluster without losing the network connection or even causing noticeable downtime. An important advantage of Live Migration is that administrators can avoid the disruption and associated productivity loss that can otherwise be caused by scheduled server maintenance.
Cluster Shared Volumes (CSV): Hyper-V can now utilize Cluster Shared Volume storage to simplify the management and increase the benefits of shared storage. CSV allows Windows servers to share SAN storage under a consistent namespace for all volumes and hosts. When combined with the failover clustering capability of Windows Server 2008 R2, CSV enables Live Migration of virtual machines between nodes within a cluster.
Dynamic Virtual Machine Storage: With Hyper-V integration services installed on the guest operating system, you can add or remove virtual and physical disk drives while a virtual machine is still running. This makes it possible to reconfigure virtual machines according to changing workload requirements without disrupting business operations.
Increased Scalability: Hyper-V now supports up to 32 physical processors, 64 logical processors, and 384 virtual machines. This makes it possible to run more processor-intensive workloads and more virtual machines on a physical host and allows you to take full advantage of the latest server hardware for improved server consolidation and reduced space and power requirements in your data center.
Second Level Translation (SLAT): SLAT takes advantage of the architecture of newer Intel/AMD processors to add an indirection layer between virtual machine memory and physical memory access. This second level of paging improves the performance of virtual machines and, by reducing the load on the Hyper-V Hypervisor, makes it practical to assign more virtual machines to a physical host.
Jumbo Frames: In early versions of Windows 2008 Server, support for jumbo frames was limited to non-virtual environments. Hyper-V's support for frames of up to 9,014 bytes can improve network performance and reduce CPU utilization for virtualized servers as long as the physical network infrastructure supports jumbo frames.
Improved Management Tools: Managing virtual data centers is easier thanks to the new Hyper-V Management Console for handling routine tasks, additional pre-written PowerShell cmdlets for automating the administration of Hyper-V virtual machines within clusters, and enhancements to System Center Virtual Machine Manager 2008 for dynamically pooling, allocating, and managing datacenter resources.
Enhancements to Desktop Virtualization with Windows Server 2008 R2 and Windows 7
Early versions of Windows Server included Terminal Services to allow remote clients connected via the Internet to run applications hosted on a centrally managed server located at a corporate data center. In Windows Server 2008 R2, Terminal Services has been revamped and renamed Remote Desktop Services (RDS). Microsoft's new Virtual Desktop Infrastructure (VDI) that powers RDS simplifies client connectivity, improves performance, strengthens security, streamlines management, expands administrative control, provides a near-transparent user environment, and permits a wide range of managed and unmanaged devices used by authorized clients to access corporate resources.
The basic concept behind desktop virtualization is that remote client machines send keyboard and mouse input to a central server, which returns the appropriate screen images. The advantages of this architecture include the ease with which network administrators can configure applications so they are consistent across an entire workforce, the ability to control access to corporate information, and the rapid deployment of new desktops. RDS goes far towards closing the gap between the user experience running local vs. remote applications while at the same time offering administrators highly granular control over security policies and access rights.
Important new or enhanced features to desktop virtualization provided by Windows Server 2008 R2 include:
Microsoft RemoteFX: This integrated feature of RDS uses advanced codecs and hardware-assisted graphics acceleration on the data center host to provide an over-the-Internet experience that matches what users see on their local desktop. RemoteFX features multi-monitor support, Windows Media Player redirection, and bi-directional audio. Remote clients can also use a variety of USB-based devices during virtual desktop sessions.
RemoteApp and Desktop Connection (RAD): The enhanced RAD makes it simpler for administrators to publish new remote desktops and applications and allows remote users to access them transparently. Close integration with Windows 7 includes a new control panel applet and allows programs and desktops to appear in the Start Menu and connection status to be displayed in the System Tray. This eliminates the major perceptible differences between local and remote applications and provides users with a seamless experience while using RAD-delivered virtual desktops and applications.
Remote Desktop Web Access: This feature allows a consistent selection of applications to be accessible to users regardless of the desktop operating system they are running. The new default web page supports single sign-on to improve productivity.
Remote Desktop Virtualization Host: This new RDS role works with Hyper-V and allows administrators to establish personal or pooled virtual desktops. A personal virtual desktop, which is assigned in Active Directory Domain Services, allows a user to customize a virtual desktop and access it simply by logging in. With a virtual desktop pool, an administrator can create a single desktop environment that is identical for all users in a group.
Fair Share CPU Scheduling: This new RDS feature utilizes the kernel-level scheduler of Windows Server 2008 R2 to distribute CPU time on the fly based on the number of active sessions and their load on the processor. This automates efficient CPU allocation in multi-user environments with dynamic loads.
Remote Desktop Gateway: RD Gateway eliminates the need for VPN connections to access RDS resources from the Internet. Instead, RD Gateway creates secure connections by tunneling Remote Desktop Protocol over HTTPS. This saves the cost and hassle of managing VPN hardware and software and improves productivity by making it significantly easier for remote users to access corporate resources.
Configurable Idle and Session Timeouts: RD Gateway allows administrators to disconnect idle sessions or limit session length. This makes it possible to recover resources used by an inactive session. The user can quickly restore the session via RDS without losing session data. Session timeout lets administrators apply changes in user properties or authorization policies to existing sessions.
Background Session Authentication and Authorization: This new option allows administrators to set the RD Gateway to run periodic silent re-authentication on all current sessions to make sure that any changes to user profiles are enforced promptly. If a user's profile has not changed, the user can continue working without interruption.
RDS Module for Windows PowerShell: The Remote Desktop Services Module for Windows PowerShell allows administrators to view and configure settings for role services that include publishing and deleting RemoteApp programs, assigning virtual desktops to user accounts, managing RAD virtual desktops or RemoteApp, and configuring RD Gateway Server. Scripting capability makes it possible to automate most RDS administration tasks.
Improved Support for Branch Offices
Windows Server 2008 R2 includes new technologies for improving the performance, affordability, fault tolerance, and productivity of networks located at branch offices. BranchCache is a headline feature of Windows Server 2008 R2 that improves the responsiveness of a network at a remote location by creating an on-site cache of content that is frequently downloaded over the Internet by users of Windows 7 desktops. BranchCache works with HTTP/HTTPS and SMB protocols and can cache web data, shared folders, Windows Media, and other applications. To ensure consistency, only read requests are cached. BranchCache can significantly reduce the amount of data that must be transferred over the Internet to a remote office and thereby saves the cost of faster ISP services while improving user productivity. BranchCache can be implemented by using a dedicated server at the remote office to act as a central cache or by using the Windows 7 workstations of office workers as a distributed cache.
New features of Windows Server 2008 R2 that offer enhanced support for branch offices include:
Hosted BranchCache: This configuration of BranchCache, which is available only for the Datacenter and Enterprise editions of Windows Server 2008 R2, maximizes network responsiveness at a remote office by using a dedicated server for caching. The Hosted BranchCache computer can run the Server Core option of Windows Server 2008 R2 to reduce hardware requirements and simplify management, or it can run on a full-featured server that hosts other applications.
Distributed BranchCache: This implementation of BranchCache, supported by all major editions of Windows Server 2008 R2, is suitable for offices with 10 or fewer Windows 7 workstations and does not require a dedicated local server. Instead, the desktop computers of the branch office workers share caching responsibilities and operate within a distributed, peer-to-peer architecture to cache content from the corporate data center.
Read-only DFS Replicas: This new security feature is similar in concept to the read-only Active Directory Domain Controller introduced in the original version of Windows Server 2008. Network managers can now make read-only copies of data contained in Distributed File System replicas. Branch offices with a weaker security profile than the corporate data center can be limited to read-only access to information replicated using DFS, protecting DFS data from inadvertent or malicious deletion or modification.
Agile VPN: This new feature improves fault tolerance and network availability at branch offices by allowing network managers to configure multiple paths within a virtual private network tunnel. If a physical connection to the corporate data center fails, Agile VPN can automatically use a different path without terminating the tunnel or requiring the user to reestablish the VPN connection. This avoids an interruption in connectivity and a consequent loss of worker productivity.
DirectAccess for Remote Connectivity
This is another new headline technology included in Windows Server 2008 R2 that works with a Windows 7 client. DirectAccess provides secure and transparent remote access to a corporate network without requiring the user to initiate a VPN session. This always-on technology is activated automatically whenever a mobile computer client is connected to the Internet, even if the user has not logged on. This provides a high level of transparency for users of Windows 7 Enterprise or Ultimate Edition who want to access corporate resources such as intranet sites or applications.
DirectAccess uses IPv6 connectivity so clients have globally routable addresses, and implements IPsec security to connect remote users to a DirectAccess server hosted by Windows Server 2008 R2 and located behind the firewall within the corporate data center. DirectAccess needs no client-side installation but relies on Active Directory domain membership and Group Policy settings for configuration, making it easy for administrators to manage remote computers. DirectAccess also makes it simple for network managers to enforce security and system health policies and provides fine granularity for assigning remote users access rights to corporate IT resources.
Important features of DirectAccess include:
Transparent Remote Connectivity: Because DirectAccess connects automatically whenever a remote client is attached to the Internet, off-site users can get to their email or other remote resources as easily as if they were directly connected to the corporate network. By eliminating the need for initiating a VPN session, DirectAccess increases the productivity of remote workers.
Improved Management: DirectAccess allows administrators to manage, monitor, and update remote computers any time the user is connected to the Internet, even if the client is not logged into the corporate network. This makes it possible, for example, to apply new Group Policy settings without requiring any activity on the part of the remote user. In addition, DirectAccess requires no special software installation on the client machine, which simplifies the task of provisioning and maintaining a mobile workforce.
Enhanced Security: DirectAccess security is based on industry-standard IPsec protocol, which is widely used in VPN solutions. However, DirectAccess has an advantage over IPsec-based VPN connections by supporting optional end-to-end encryption and authentication. DirectAccess can also be combined with Network Access Protection (NAP) to ensure that remote clients comply with system health policies such as the latest security updates and malware definitions. DirectAccess can also be used with smart cards and Active Directory-based PKINT authentication for additional security.
Web Platform Improvements and Internet Information Services 7.5
All editions of Windows Server 2008 R2 include a new release of Internet Information Services. IIS 7.5 is an advanced server role for web site hosting and web application development. The new release provides enhanced security, reliability, expandability, and troubleshooting while offering major improvements in automated and remote management. Many familiar extensions to IIS have been both enhanced and integrated into IIS 7.5 such as the rules-based Request Filter Module (formerly called URL Scan), which can block dangerous HTTP requests from being processed by hosted web applications.
The new modular architecture of IIS 7.5 allows you to use Microsoft's Web Platform Installer (Web PI) to customize web servers by removing unneeded modules or adding modules provided by Microsoft, developed in house, or purchased from third-party vendors. These custom server deployments typically have fewer components, which makes them easier to manage, more responsive, and less vulnerable to malicious attacks due to their smaller target area.
Major enhancements to Windows Server 2008 R2 as a web hosting and development platform include:
Windows PowerShell Provider: This is a Windows PowerShell snap-in that allows administrators to script routine jobs, execute tasks automatically, and generate aggregated web metrics in real-time from multiple servers. Managers can create their own PowerShell cmdlets or use ones provided by Microsoft to perform a broad range of tasks such as adding, changing, or removing web sites and applications, configuring security, blocking access based on IP address, and archiving IIS settings and content.
Extensions to IIS Manager: IIS Manager includes a GUI interface for easy access to powerful new features that include the ability to manage advanced settings for FastCGI and ASP.NET applications or configuring address filtering rules. IIS Manager also now includes Configuration Editor for managing any of the system's configuration sections.
.NET Support for Server Core: The Server Core installation option of Windows Server 2008 R2 now supports the .NET Framework, making it possible to deploy secure, easy-to-manage, and low-overhead web servers that can host ASP.NET applications, perform IIS Manager remote management functions, and execute complex administrative scripts from PowerShell Provider for IIS.
Improved Support and Troubleshooting Tools: New tools to streamline support and troubleshooting include Configuration Logging for automatically tracking changes to IIS and application configurations, the FastCGI module to help PHP developers debug code using IIS Failed Request Tracing, and the Best Practices Analyzer (BPA) for scanning an IIS 7.5 web server and reporting possible configuration problems.
More Secure Content Publishing with FTP and WebDAV: The new FTP Publishing Service and WebDAV Extension for IIS 7.5 integrate transparently with IIS 7.5 Manager console to support content publishing using secure sockets layer (SSL) technology. Administrators can use IIS scripting tools like as AppCmd and the IIS PowerShell Provider to manage FTP configuration. WebDAV enhancements make it easier for authors to publish web content securely and can be enabled at the site level, allowing administrators to specify separate security settings for WebDAV authoring.
Dynamic Caching and Compression: Internet Information Services 7.5 can dramatically improve performance with HTTP compression between the web server and compression-enabled clients, plus kernel and user mode caching for dynamic content. When CPU headroom exists, administrators can simply use global compression for all sites, directories, and files. If the CPU load is too high, IIS 7.5 permits selective HTTP compression for sites and site elements that will have the greatest impact on performance.
Windows Server 2008 R2 has other improvements to technologies that help keep users productive despite software and equipment failure, planned maintenance, configuration errors, natural disaster, or malicious attack. These improvements to fault tolerance and availability cover a variety of areas including Network Load Balancing, Shadow Copy, and a new Windows Recovery Environment. Network Load Balancing (NLB) has been significantly enhanced with features that include transparent recovery from multi-bit ECC errors in memory and cache, hot-add/replace capability for CPUs and RAM for DHP-supported systems, scaling for up to 256 logical processors, IP Stickiness to provide persistent connections for applications such as shopping carts, full support for both the IPv6 and IPv4 versions of the Internet Protocol, and configurable failover priority for multiple paths between server and storage.
Important improvements to Windows Server 2008 R2 Failover Clustering include:
Clustered Shared Volumes (CSV): CSV volumes, a new feature of Windows Server 2008 R2, give nodes within a failover cluster simultaneous access to the same logical unit number (LUN). In addition to supporting Live Migration, CSV technology also eliminates the need to reformat SANs and improves the fault tolerance of node connections through the mechanism of dynamic I/O redirection.
Multi-site Clustering: Windows Server 2008 R2 now supports geographically dispersed clusters to achieve a high level of immunity from natural catastrophes such as floods and earthquakes and also to provide automatic disaster recovery that can get businesses back on line faster than is possible with a cold standby server. Automatic synchronization of applications and cluster changes also make Multi-site Clusters easy to manage.
Streamlined Cluster Setup and Migration: Effective deployment of Failover Clustering is made easier with the new Best Practices Analyzer for checking the configuration settings for a cluster and cluster nodes, the Cluster Validation Tool for one-step set up of a cluster, and Microsoft's Cluster Migration support for capturing and copying cluster settings and migrating workloads to a new cluster.
Quorum Resource Fault Tolerance: Windows Server 2008 R2 now allows cluster configurations that eliminate single-point failure for the cluster quorum, a critical component that holds the configuration settings for the entire cluster. Fault tolerance is further enhanced by the ability of the cluster service to isolate defective DLLs in order to protect the cluster.
Cluster Security: Windows Server 2008 R2 now supports IPsec security between client and cluster nodes as well as between nodes within a cluster nodes, enabling end-to-end data authentication and encryption. For auditing and troubleshooting purposes, it is also now possible to track who accessed a cluster and when the access occurred.
High Availability Storage: Failover Clustering in Windows Server 2008 R2 now supports GPT disks that exceed 2 terabytes in capacity, giving administrators more flexibility in creating fault-tolerant storage solutions. Availability is improved allowing administrators to change resources dependencies even when the affected resources are in use. Disks can also be verified, repaired, archived, or restored with little or no perceptible cluster disruption.
Improved Management Tools
Server management represents the single largest cost of running a data center and improvements in this area can have a major impact on IT budgets. For most organizations, managing servers locally is prohibitively expensive and logistically impractical. Windows Server 2008 R2 includes important enhancements to remote management of physical and virtual resources, security policy enforcement, and even data center power consumption. New GUI interfaces help system administrators visualize network components and processes, implement changes, monitor system health, and troubleshoot problems. New scripting capabilities save time and money by helping managers automate both routine tasks and complex operations that are particularly prone to human error. In addition, Microsoft's new FCI infrastructure allows automatic, policy-based classification and data management to cut administrative and storage costs and increase the business value of your information network.
Some of the top improvements for server management provided with Windows Server 2008 R2 include:
Windows File Classification Infrastructure (FCI): FCI allows administrators to classify files automatically based on their content and location in order to improve regulatory compliance, utilize storage more efficiently, and align backup and archiving procedures with real business needs.
Remote Management Tools: Improvements for remote management in Windows Server 2008 R2 include the integration of various management consoles to work with Server Manager's new remote administration features and the new ability of PowerShell to allow multiple managers to run scripted tasks on the same or many remote computers simultaneously.
PowerShell Enhancements for Automated Management: PowerShell has been updated with graphical interfaces for creating and debugging scripts, improved security for management data through constrained runspaces, and improved support for porting cmdlets and scripts. PowerShell includes hundreds of new cmdlets that can be combined into scripts for automating administrative, configuration, and diagnostic tasks.
Managing Active Directory Services Roles: Windows Server 2008 R2 includes identity management improvements for all Active Directory server roles. These improvements include a Recycle Bin for recovering deleted objects, the ability to join a domain without being connected during deployment, support for automatically updating all services that use a service account, and a new task-oriented Active Directory Administrative Center that supports larger datasets for streamlining common administrative tasks.
Security and Policy Enforcement: In addition to extensive enhancements for managing Active Directory server roles, Windows Server 2008 R2 provides other major improvements to security policy and enforcement. These include new Group Policy preference items that support power plans and scheduled tasks, integration of the Network Access Protection (NAP) client user interface into the Action Center on computers running Windows 7, and easier IPsec server and domain isolation.
How Progent Can Help You with Windows Server 2008 R2
Progent's Microsoft Gold-certified consultants can deliver affordable and effective remote consulting and technical support services to help you plan, execute, and maintain Windows Server 2008 R2 deployments. Progent can help you assess the business value of upgrading from earlier versions of Windows Server and can follow industry best practices to ensure a smooth migration to Windows Server 2008 R2.
Progent's Hyper-V virtualization consultants can help you set up a secure virtualized server environment that cuts equipment and data center costs, is easy to manage, and offers a high level of availability and recoverability. Progent's network designers can show you how to provide fast, safe, and reliable connections between your corporate data center and branch offices, telecommuters, and mobile workers. Progent's business continuity experts can help you design, document, and test disaster recovery procedures and can show you economical ways to maximize network uptime despite natural or man-made catastrophes. Progent's cluster technology consultants can assist you to set up and manage fault-tolerant server and storage clusters that incorporate the latest enhancements in Windows Server 2008 R2 and deliver world-class availability and performance at down-to-earth prices.
Progent's certified security engineers can help you define and implement appropriate Windows Server 2008 R2 Group Policy for managing options such as registry-based policy settings, security settings, application installation, administration scripts, folder redirection, and Remote Installation Server. Progent can also perform affordable remote security scans to assess your network's vulnerability to external and internal attacks in order to validate security compliance and protect your information resources.
Progent's Cisco-certified CCIE network engineers, can help you plan, deploy, manage, and troubleshoot a robust and scalable network infrastructure that provides the protection and performance you need at prices you can afford.
Progent's 64-bit migration experts can help you upgrade cost-effectively to a Microsoft Windows Server 2008 R2 environment by evaluating your current server hardware and software drivers and developing a migration plan that makes efficient use of your existing resources. In addition, Progent can help you move up to 64-bit versions of other Microsoft server platforms including Exchange Server, SQL Server, and SharePoint. Microsoft Gold-certified Windows 7 consultants can assist you to the 64-bit edition of Microsoft Windows 7 and can help you assess the business advantage of upgrading key desktop applications to 64-bit versions.
If you already run Windows Server 2008 R2 and are considering an upgrade to Windows Server 2012, Progent can help you plan and carry out an efficient migration to Windows Server 2012.
Progent's Online Support Helps Your Business Get Back to Business
Progent is an industry veteran in delivering remote consulting and troubleshooting services and has provided remote support to companies in every state in the United States (Visit Progent's Client Testimonials.) Online consulting and troubleshooting avoids the delay and expense of travel and resolves issues faster than onsite service calls.
Contact Progent for Help with Windows Server 2008 R2
To get in touch with Progent about consulting or troubleshooting help with technologies associated with Microsoft Windows Server 2008 R2, call 1-800-993-9400 or email email@example.com.